Blog Posts Tagged with "Legal"

Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...

While a leader can provide some insights based on experience, and perhaps give a different view, the employee who brought up the compliance issue will probably be more intimately involved with it. The employee may have thought through a resolution to the potential issue as well...

There’s long been ample evidence the NSA has been unlawfully collecting Americans' communications since the passage of the FISA Amendments Act. As the New York Times reported in 2009, the NSA was still collecting purely domestic communications of Americans' in a "significant and systemic" way...

The intellectual property (IP) chapter would have negative ramifications for freedom and innovation and second, the process has shut out multi-stakeholder participation and is shrouded in secrecy. The TPP is a threat because it rewrites global rules on IP enforcement and restrict the public domain...

The proposed modifications to the definitions of "operator" and "website or online service directed to children" address commenters’ concerns related to the use of third party advertising networks and downloadable software kits, or plug ins, that collect personal information through child-directed websites...

The bill requires law enforcement to obtain a search warrant anytime it requests location information from an electronic device. It codifies the Supreme Court's decision from earlier this year that the installation of a GPS device for purposes of an investigation requires a search warrant...

Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk. The next time you hear the mindless prattle of “but we’ve always done it that way”, get some ideas on how to change your company’s compliance culture...

Bottom line for all organizations, from the largest to the smallest: You need to establish messaging policies that clearly communicate that all emails sent through the company email system are subject to monitoring, and that no one using the system should have any expectation of privacy for the messages...

Although privacy advocates and federal regulators and legislators have primarily been focusing on consumer privacy issues, such as behavioral advertising and data mining, the significant changes in workplace privacy protections demand continued vigilance from employers...

The public has been pushing back on broad use of drones by law enforcement. At the request of reporters, advocacy organizations and city councils, public agencies have been required to justify their drone purchases and develop clear policies on when and under what conditions they will use drones for surveillance...

As Chinese companies engage with partners, globally and locally, their internal and external business practices are evolving. The article “The Myths of Gift Giving” found that many Chinese companies now put greater emphasis on professionalism and building trust and confidence in business capabilities...

Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. Bottom line for all organizations: Humans have always been and will always be the weakest link in security...

This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...

Thus the problem of acquisition using RFS tools is that not only is the original source (the computer) not subjected to seizure, it is not in a static environment and can be manipulated. Evidence obtained from an unsecured system can always be subject to a challenge to its authenticity and reliability...

The FBI wants to be able to search and identify people in photos of crowds and in pictures posted on social media sites—even if the people in those photos haven’t been arrested for or even suspected of a crime. The FBI may also want to incorporate those crowd or social media photos into its face recognition database...

The Holmes decision further underscores difficulties in securing any recovery on a data breach lawsuit absent actual identity theft. However, the lengthy history of this case — dating back to 2008 including a challenge to a Court approved settlement — highlights that such cases are protracted and costly to defend...